Palo Alto VPN bug graduates from advisory to active exploitation
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Rapid7: Attackers exploit authentication bypass flaw in the wild, meaning more emergency patching for PAN-OS users
Emergency patches out now for those managing the millions of domains assumed to be affected Emergency patches are available for a critical vulnerability in cPanel and WHM that allows attackers to bypass authentication and gain root access to servers managed using it.…
No reports of active exploitation (yet) Watch out for more Fortinet vulns! Two critical bugs in Fortinet's sandbox could allow unauthenticated attackers to bypass authentication or execute unauthorized code on vulnerable systems.…
Up to 29,000 organizations and potentially 370,000 security and IT pros affected Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of an authentication bypass vulnerability that opens the doors to an emergency administration account with nothing more than a "carefully crafted URL."…
Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…
Mondays are for checking months of logs, apparently, if MFA's not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could have allowed crims to pass Okta AD/LDAP Delegated Authentication (DelAuth) using only a username.…
The group bragged they could steal one-time passwords from Apply Pay and 30+ sites A trio of men have pleaded guilty to running a multifactor authentication (MFA) bypass ring in the UK, which authorities estimate has raked in millions in less than two years. …
Defenses need a rethink in face of increasing sophistication Cyber attacks using AI-generated deepfakes to bypass facial biometrics security will lead a third of organizations to doubt the adequacy of identity verification and authentication tools as standalone protections.…
Phemedrone Stealer loots drives for passwords, cookies, login tokens, etc Criminals are exploiting a Windows Defender SmartScreen bypass vulnerability to infect PCs with Phemedrone Stealer, a malware strain that scans machines for sensitive information – passwords, cookies, authentication tokens, you name it – to grab and leak.…
Issue has been around since at least 2012 A years-old Bluetooth authentication bypass vulnerability allows miscreants to connect to Apple, Android and Linux devices and inject keystrokes to run arbitrary commands, according to a software engineer at drone technology firm SkySafe.…
Not that we're encouraging anyone to defeat this fingerprint authentication Hardware security hackers have detailed how it's possible to bypass Windows Hello's fingerprint authentication and login as someone else – if you can steal or be left alone with a vulnerable device.…
Good thing you're not exposing admin port 8443 to the world, right? Uh, right? A critical authentication bypass bug in MobileIron Sentry has been exploited in the wild, its maker Ivanti said in an advisory on Monday.…
Need deepfake tools? GitHub's got 'em All of the materials and tools needed to make deepfake videos – from source code to publicly available images and account authentication bypass services – are readily available and up for sale on the public internet and underground forums. …
Nothing like an authentication bypass for your private IPSec network Cisco patched three security vulnerabilities in its products this week, and said it will leave unpatched a VPN-hijacking flaw that affects four small business routers.…
The 'widespread' campaign hunts for multimillion-dollar transactions A business email compromise scheme targeting CEOs and CFOs using Microsoft Office 365 combines phishing with a man-in-the-middle attack to bypass multi-factor authentication.…
Meanwhile, a security update for rsync VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.…
Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable FileWave has fixed a couple vulnerabilities in its endpoint management software that could allow a remote attacker to bypass authentication and take full control of the deployment and associated devices.…
Critical authentication bypass revealed, older flaws under active attack Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.…
BIG-IP iControl authentication bypass, NFV VM escape, and more F5 Networks and Cisco this week issued warnings about serious, and in some cases critical, security vulnerabilities in their products.…
Authentication bypass followed by remote-code execution at the network boundary Sophos has patched a remote code execution (RCE) vulnerability in its firewall gear that was disclosed via its bug-bounty program.…